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What is Claimed is: 



1. A method for single-step subscriber logon to a differentiated data 
communications network including a first domain and a second domain, said method 
comprising: 

negotiating for the transport of multi-protocol data packets over a point-to-point 
u communication link between the host and a network interface; 

□ 

„p identifying a source address for a host; and 

authorizing said host to access said first domain and said second domain based 

P 

ili upon login information obtained from said subscriber. 

j»s|: 

l vw fc 

fU 2. The method of claim 1 further comprising: 

authenticating said subscriber based upon login information obtained from said 
subscriber. 

3. The method of claim 2 wherein authenticating is accomplished using Link 
Control Protocol. 
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4. The method of claim 1 wherein identifying a source address is accomplished using 
Internet Protocol Control Protocol (IPCP). 

5. The method of claim 1 wherein identifying a source address further comprises: 

assigning an Internet Protocol address to said subscriber from a pool of addresses 
located in memory. 

6. The method of claim 1 wherein identifying a source address further comprises: 

assigning an Internet Protocol address to said subscriber from an authentication 
reply packet received from an authentication server. 

7. The method of claim 1 wherein negotiating for the transport of multi-protocol 
data packets is accomplished using Point-to-Point Protocol (PPP). 

8. The method of claim 1 wherein authorizing said subscriber to access said first 
domain and said second domain further comprises: 

writing said login information into memory. 

9. A method for single-step subscriber logon to a differentiated data 
communications network including a first domain and a second domain, said method 
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comprising: 

authenticating a subscriber based upon login information obtained from said 
subscriber; 

negotiating for the transport of multi-protocol data packets over a point-to-point 
link existing between the subscriber's host and a network interface; 

identifying a source address for said subscriber; 
writing said login information into memory; and 

authorizing said subscriber to access said first domain and said second domain 
based upon said login information obtained from said subscriber. 

10. A method for single-step subscriber logon to a differentiated data communication 
network including same-session access capabilities to a first domain and a second 
domain, said method comprising: 

negotiating for the transport of multi-protocol data packets over a point-to-point 
communication link between the subscriber's host and a network interface; 

identifying a source address for a subscriber; and 
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authorizing said subscriber to access said first domain and said second domain 
based upon login information obtained from said subscriber, 

11. The method of claim 10 further comprising: 

authenticating said subscriber based upon login information obtained from said 
subscriber. 

12. The method of claim 1 1 wherein authenticating is accomplished using Link 
Control Protocol. 

13. The method of claim 10 wherein identifying a source address is accomplished 
using Internet Protocol Control Protocol (IPCP). 

14. The method of claim 10 wherein identifying a source address further comprises: 

assigning an Internet Protocol address to said subscriber from a pool of addresses 
located in memory. 

15. The method of claim 10 wherein identifying a source address further comprises: 

assigning an Internet Protocol address to said subscriber from an authentication 
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reply packet received from an authentication server. 

16. The method of claim 10 wherein negotiating for the transport of multi-protocol 
data packets is accomplished using Point-to-Point Protocol (PPP). 

17. The method of claim 10 wherein authorizing said subscriber to access said first 
domain and said second domain further comprises: 

writing said login information into memory. 

18. A method for single-step subscriber logon to a differentiated data communication 
network including same-session access capabilities to a first domain and a second 
domain, said method comprising: 

authenticating a subscriber based upon login information obtained from said 
subscriber; 

negotiating for the transport of multi-protocol data packets over a point-to-point 
link existing between the subscriber's host and a network interface; 

identifying a source address for said subscriber; 

writing said login information into memory; and 
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authorizing said subscriber to access said first domain and said second domain 
based upon login information obtained from said subscriber. 

19. A method for single-step subscriber logon of a host to a differentiated data 
communication network having access to a first domain and a second domain 
comprising: 

receiving login information from the subscriber; 
authenticating said subscriber based upon said login information; 
storing said login information in memory; 

notifying the subscriber's host once a successful authentication process has been 
completed; 

negotiating an address allocation session with said host; 
assigning a source address to said host; 

negotiating for the transport of multi-protocol data packets over a point-to-point 
link existing between said host and a network interface; and 
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writing a subscriber-related entry into memory based upon said source address 
and said login information. 

20. The method of claim 19 wherein said authenticating act further comprises: 
processing an authentication request packet based upon said login information; 
sending said authentication request packet to an authentication memory bank; 

and 

receiving an access accept reply packet from said authentication memory bank. 

21. The method of claim 20 wherein said sending said authentication request packet 
further comprises: 

sending said authentication reply packet via a Remote Access Dial-In User 
Service (RADIUS) protocol communication link. 

22. The method of claim 19 wherein said writing further comprises: 

writing said subscriber-related entry into a memory based upon configuration 
information in said access accept reply packet. 
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23 . The method of claim 1 9 wherein said subscriber login information further 
comprises the user name and user authenticate*. 

24. The method of claim 19 wherein said receiving login information obtained from 
said subscriber further comprises: 

receiving login information using a Link Central Protocol (LCP) communication 



25. The method of claim 19 wherein said negotiating an address allocation session 
further comprises: 

negotiating an address allocation session using an Internet Protocol Control 
Protocol (IPCP) communication link. 

26. The method of claim 19 wherein said assigning a source address further 
comprises: 

retrieving a subscriber Internet Protocol address from a pool of addresses located 
in memory. 

27. The method of claim 19 wherein said assigning a source address further 



link. 
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comprises: 

retrieving a subscriber Internet Protocol address from an access accept reply 
packet received from an authentication server. 

28 . The method of claim 1 9 wherein negotiating for transport of multi-protocol data 
packets further comprises: 

negotiating a Point-to-Point Protocol session between said host and said network 
interface. 

29. An apparatus for single step logon of a host to a differentiated data 
communication network having the capacity to create same-session open channels to a 
first domain and a second domains, the apparatus comprising: 

a means for negotiating for the transport of multi-protocol data packets over a 
point-to-point link existing between the subscriber's host and a network interface; 

a means for identifying a source address for a subscriber; and 

a means for authorizing said subscriber to access said first domain and said 
second domain based upon login information obtained from said subscriber. 
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30. The apparatus of claim 29 further comprising: 

a means for authenticating said subscriber based upon login information 
obtained from said subscriber. 

31. The apparatus of claim 29 wherein a means for negotiating for the transport of 
multi-protocol data packets further comprises: 

a means for negotiating a Point-to-Point Protocol session between said host and 
said network interface. 

32. The apparatus of claim 29 wherein a means for authorizing said subscriber to 
access said first domain and said second domain farther comprises: 

a means for writing said login information into memory. 

33. An apparatus for single-step subscriber logon of a host to a differentiated data 
communication network having access to a first domain and a second domain 
comprising: 

a means for receiving login information from the subscriber; 
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a means for authenticating said subscriber based upon said login information; 
a means for storing said login information in memory; 

a means for notifying the subscriber's host once a successful authentication 
process has been completed; 

a means for negotiating an address allocation session with said host; 
a means for assigning a source address to said host; 

a means for negotiating for the transport of multi-protocol data packets over a 
point-to-point link existing between said host and a network interface; and 

a means for writing a subscriber-related entry into memory based upon said 
source address and said login information. 

34. A program storage device readable by a machine, tangibly embodying a program 
of instructions executable by the machine to perform a method for single-step subscriber 
logon to a differentiated data communications network including a first domain and a 
second domain, said method comprising: 

negotiating for the transport of multi-protocol data packets over a point-to-point 
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communication link between the host and a network interface; 
identifying a source address for a host; and 

authorizing said host to access said first domain and said second domain based 
upon login information obtained from said subscriber. 

35 . The program storage device of claim 34 further comprising: 

authenticating said subscriber based upon login information obtained from said 
subscriber. 

36. The program storage device of claim 34 wherein authorizing said subscriber to 
access said first domain and said second domain further comprises: 

writing said login information into memory. 

37. A program storage device readable by a machine, tangibly embodying a program 
of instructions executable by the machine to perform a method for single-step subscriber 
logon to a differentiated data communication network including secure simultaneous 
access capabilities to a first domain and a second domain, said method comprising: 

negotiating for the transport of multi-protocol data packets over a point-to-point 
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communication link between the subscriber's host and a network interface; 
identifying a source address for a subscriber; and 

authorizing said subscriber to access said first domain and said second domain 
based upon login information obtained from said subscriber. 

38. The program storage device of claim 37 further comprising: 

authenticating said subscriber based upon login information obtained from said 
subscriber. 

39. The program storage device of claim 37 further comprising: 
writing said login information into memory. 

40. An apparatus for single-step subscriber logon of a host to a differentiated data 
communication network having access to a first domain and a second domain 
comprising: 

a multi-protocol point-to-point link negotiator capable of establishing a 
communication link for the transport of multi-protocol data packets between said host 
and a network interface; 
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an IP source address negotiator capable of defining a source address for a host, 
said IP source address negotiator in communication with said host; and 

a registration memory in communication with said authentication processor and 
said source address negotiator for tabulating subscriber identification information and 
said source address. 

41. The apparatus of claim 30 further comprising: 

an authentication processor capable of authenticating said subscriber based upon 
login information said authentication processor in communication with said host. 

42. An apparatus for single-step subscriber logon of a host to a differentiated data 
communication network having access to a first domain and a second domain 
comprising: 

a multi-protocol point-to-point link negotiator in communication with said host 
for establishing a communication link; 

an authentication processor in communication with said host for receiving login 
information from said host and for authenticating said subscriber; 
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a notifier in communication with said authentication processor and said host for 
notifying said host of authentication status; 

a source address negotiator in communication with said host for negotiating a 
dynamic IP address; and 

a registration memory in communication with said authentication processor and 
said source address negotiator for tabulating said login information and said source 
address. 
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